The Groups log of Symantec Encryption Management Server, available from the admin interface under Reporting / Logs continuously displays an error message containing the phrase "Ldap Rule with No Attribute Value pair".
The /var/log/ovid/groupd-YYYY-MM-DD.log file and the admin interface display errors similar to this:
In Symantec Encryption Management Server, users can be assigned to groups using LDAP Directory Synchronization rules. Typically, users will be assigned to SEMS groups based on their membership of Active Directory security groups.
Under some circumstances, probably as a result of very high server load and replication problems, changes to the group membership rules are not saved correctly to the relevant tables in the database. This can result in some records not being deleted and "orphan" records remaining in some tables.
When the regrouping service runs, it cannot process these orphan records and an error message is generated.
There are several possible ways to resolve this issue. Please try each in turn:
If the messages continue, carry out the following steps:
If the error messages continue, please contact Symantec Technical Support who can delete the orphan records from the underlying tables.
Issue observed in Symantec Encryption Management Server 3.3.2 MP1 but other releases are very likely to be affected.